Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 542c0d10a5f65884…

MALICIOUS

Office (OLE) / .XLS

Size: 214.5 KB
Created: 2020-10-01 02:52:46
Authoring application: Microsoft Excel
MD5: d29c95c9dfc15fb54a91f400b1ab40a0
SHA-1: 21980f8abc04434ec1f079280a7de829fcc7be7c
SHA-256: 542c0d10a5f658842bc2378d7803cea43b514aec7f7443b29bb21de3319e3e16
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an encrypted Excel 4.0 macro sheet, as indicated by the OLE_XLM_ENCRYPTED_MACROSHEET heuristic. The OLE_XLM_AUTOOPEN heuristic suggests that the macros are designed to run automatically when the document is opened. Because the macro sheet is encrypted, the specific actions and payload could not be determined.

Heuristics 2

  • Encrypted Excel 4.0 macro sheet (severity: high, OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (severity: medium, OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.